forked from kubernetes-sigs/gateway-api
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgateway-invalid-tls-configuration.yaml
91 lines (91 loc) · 2.15 KB
/
gateway-invalid-tls-configuration.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: gateway-certificate-nonexistent-secret
namespace: gateway-conformance-infra
spec:
gatewayClassName: "{GATEWAY_CLASS_NAME}"
listeners:
- name: https
port: 443
protocol: HTTPS
allowedRoutes:
namespaces:
from: All
tls:
certificateRefs:
- group: ""
kind: Secret
name: nonexistent-certificate
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: gateway-certificate-unsupported-group
namespace: gateway-conformance-infra
spec:
gatewayClassName: "{GATEWAY_CLASS_NAME}"
listeners:
- name: https
port: 443
protocol: HTTPS
allowedRoutes:
namespaces:
from: All
tls:
certificateRefs:
- group: wrong.group.company.io
kind: Secret
name: tls-validity-checks-certificate
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: gateway-certificate-unsupported-kind
namespace: gateway-conformance-infra
spec:
gatewayClassName: "{GATEWAY_CLASS_NAME}"
listeners:
- name: https
port: 443
protocol: HTTPS
allowedRoutes:
namespaces:
from: All
tls:
certificateRefs:
- group: ""
kind: WrongKind
name: tls-validity-checks-certificate
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: gateway-certificate-malformed-secret
namespace: gateway-conformance-infra
spec:
gatewayClassName: "{GATEWAY_CLASS_NAME}"
listeners:
- name: https
port: 443
protocol: HTTPS
allowedRoutes:
namespaces:
from: All
tls:
certificateRefs:
- group: ""
kind: Secret
name: malformed-certificate
---
apiVersion: v1
kind: Secret
metadata:
name: malformed-certificate
namespace: gateway-conformance-infra
data:
# this certificate is invalid because contains an invalid pem (base64 of "Hello world"),
# and the certificate and the key are identical
tls.crt: SGVsbG8gd29ybGQK
tls.key: SGVsbG8gd29ybGQK
type: kubernetes.io/tls